Receiving BIND requests on server that is no longer a DNS server. ..
Brian Keves - NCS UAI Contractor
keves at synopsys.com
Tue Apr 25 17:54:18 UTC 2000
>>>>>> "Jon" == Blackman, Jonathan <Jon.Blackman at wl.com> writes:
>
> Jon> Hi, We retired a DNS server a couple of years ago and now I
> Jon> have noticed that there are still several DNS servers trying
> Jon> to query the old address. Is there a way to find out where I
> Jon> still have the old address: 204.114.255.1 defined. We
> Jon> changed all of our NS record and NIC information way back.
> Jon> So, I can't imagine where they are getting this from.
>
>The chances are the queries are coming from resolvers: there will
>probably be some legacy desktops in your net that were configured to
>use the old server's IP address. Or maybe there are some idiot
>forwarding name servers that keep going to this IP address? It might
>be worthwhile starting a name server on that box again and turn on the
>query logging to find out what names are being looked up. That might
>give a clue about which domains might still have the old NS/A
>records. [You could also get this info by getting tcpdump to look for
>DNS queries to the old server's IP address.] At the very least, the
>query logging will tell you who's looking up what. It might also be an
>idea to check the delegations in the name servers for the parent
>zones. Maybe you updated the forward zone's delegation but forgot
>about the reverse?
I have to concur about this later. We had traffic coming in for a long
time to old addresses before we realized we didn't change our reverse lookup
Name Server records for our IP blocks.
Do a whois at ARIN for your IP blocks at:
http://www.arin.net/whois/index.html
Brian
-- --
Brian Keves E-Mail: keves at synopsys.com
Senior Unix Architect Phone: +1.650.584.4461
Network Computing Services Cell: +1.650.333.1223 #112
Synopsys, Inc. Fax: +1.650.584.4343
700 East Middlefield Road WWW: http://www.synopsys.com
M/S C-11 Physical: C1.136A
Mountain View, CA 94043-4033 "Who is John Galt?" - Ayn Rand
More information about the bind-users
mailing list